ui/ozone/platform/drm/common/client_native_pixmap_dmabuf.cc - Issue 2302053003: ozone: Validate the memory buffer used.

Keyboard Shortcuts

	File
u :	up to issue
j / k :	jump to file after / before current file
J / K :	jump to next file with a comment after / before current file
	Side-by-side diff
i :	toggle intra-line diffs
e :	expand all comments
c :	collapse all comments
s :	toggle showing all comments
n / p :	next / previous diff chunk or comment
N / P :	next / previous comment
<Up> / <Down> :	next / previous line

	Issue
u :	up to list of issues
j / k :	jump to patch after / before current patch
o / <Enter> :	open current patch in side-by-side view
i :	open current patch in unified diff view

	Issue List
j / k :	jump to issue after / before current issue
o / <Enter> :	open current issue

Unified Diff: ui/ozone/platform/drm/common/client_native_pixmap_dmabuf.cc

Issue 2302053003: ozone: Validate the memory buffer used. (Closed)

Patch Set: . Created 4 years, 3 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View side-by-side diff with in-line comments

Download patch

Index: ui/ozone/platform/drm/common/client_native_pixmap_dmabuf.cc

diff --git a/ui/ozone/platform/drm/common/client_native_pixmap_dmabuf.cc b/ui/ozone/platform/drm/common/client_native_pixmap_dmabuf.cc

index 9f9288d56fa316de1bebba9ad6bcafed84844d01..a9028b291aaa12790413d214e6c091f9728fbc4e 100644

--- a/ui/ozone/platform/drm/common/client_native_pixmap_dmabuf.cc

+++ b/ui/ozone/platform/drm/common/client_native_pixmap_dmabuf.cc

@@ -60,28 +60,31 @@ std::unique_ptr<ClientNativePixmap> ClientNativePixmapDmaBuf::ImportFromDmabuf(

const gfx::Size& size,

int stride) {

DCHECK_GE(dmabuf_fd, 0);

- return base::WrapUnique(

- new ClientNativePixmapDmaBuf(dmabuf_fd, size, stride));

+ base::CheckedNumeric<size_t> map_size = stride;

+ map_size *= size.height();

+ if (!map_size.IsValid())

+ return nullptr;

+ return base::WrapUnique(new ClientNativePixmapDmaBuf(dmabuf_fd, size, stride,

+ map_size.ValueOrDie()));

}

ClientNativePixmapDmaBuf::ClientNativePixmapDmaBuf(int dmabuf_fd,

const gfx::Size& size,

- int stride)

- : dmabuf_fd_(dmabuf_fd), size_(size), stride_(stride) {

+ int stride,

+ size_t map_size)

+ : dmabuf_fd_(dmabuf_fd), map_size_(map_size), size_(size), stride_(stride) {

TRACE_EVENT0("drm", "ClientNativePixmapDmaBuf");

- size_t map_size = stride_ * size_.height();

- data_ = mmap(nullptr, map_size, (PROT_READ | PROT_WRITE), MAP_SHARED,

+ data_ = mmap(nullptr, map_size_, (PROT_READ | PROT_WRITE), MAP_SHARED,

dmabuf_fd, 0);

if (data_ == MAP_FAILED) {

PLOG(ERROR) << "Failed mmap().";

- base::TerminateBecauseOutOfMemory(map_size);

+ base::TerminateBecauseOutOfMemory(map_size_);

}

ClientNativePixmapDmaBuf::~ClientNativePixmapDmaBuf() {

TRACE_EVENT0("drm", "~ClientNativePixmapDmaBuf");

- size_t size = stride_ * size_.height();

- int ret = munmap(data_, size);

+ int ret = munmap(data_, map_size_);

DCHECK(!ret);

}

« no previous file with comments | « ui/ozone/platform/drm/common/client_native_pixmap_dmabuf.h ('k') | no next file » | no next file with comments »